21 matches found
ROS-20260529-73-0021
The vulnerability in opensearch relates to the use of a name with an incorrect link. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
ROS-20260529-73-0024
The vulnerability in opensearch is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +83 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)
@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.1, =0.1.0, =0.1.0, =0.0.0, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3434...
@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +83 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)
@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.1, =0.1.0, =0.1.0, =0.0.0, =0.5.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENSEARCHPROJECTOPENSEARCH-16640915...
ROS-20260216-73-0045
Vulnerability in opensearch related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2025-9624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versio...
com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.40.5 <=1.41.3) +84 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch (>=2.0.0-rc1 <=2.19.3)
org.opensearch:opensearch MAVEN version =2.0.0-rc1, =1.40.5, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: SNYK:JAVA-ORGOPENSEARCH-14122812 https://vulners.com/sny...
com.erudika:para-search-elasticsearch (=1.42.0), org.codelibs.fesen.client:fesen-httpclient (>=3.0.0 <=3.2.0) +26 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch (>=3.0.0-alpha1 <=3.2.0)
org.opensearch:opensearch MAVEN version =3.0.0-alpha1, =3.0.0, =15.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0.0, =3.22.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-9624 Source advisory: SNYK:JAVA-ORGOPENSEARCH-14122812...
CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
org.opensearch.dataprepper.plugins:otel-trace-group-processor (>=2.12.0 <=2.12.1) potentially affected by CVE-2025-62371 via org.opensearch.dataprepper.plugins:opensearch (>=2.12.0 <=2.12.1)
org.opensearch.dataprepper.plugins:opensearch MAVEN version =2.12.0, =2.12.0, =2.12.1 Source cves: CVE-2025-62371 Source advisory: SNYK:JAVA-ORGOPENSEARCHDATAPREPPERPLUGINS-13561982...
EUVD-2025-2534
Malicious code in bioql PyPI...
Sensitive Information Disclosure
OpenSearch is vulnerable to Sensitive Information Disclosure. The vulnerability is due to redacted values being retrievable through range queries and the fields option in the search API...
Linux Distros Unpatched Vulnerability : CVE-2023-23613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and...
ROS-20250624-02
Vulnerability in the OpenSearch software package related to a lack of Markdown cleanup on header or footer previews. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
CVE-2020-8954
OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking. A link that opens another app in the browser can be manipulated...
ROS-20250403-14
Vulnerability in the OpenSearch software package due to a problem in the implementation of Field Level Security (FLS). Exploitation of the vulnerability could allow an attacker to obtain sensitive data. Vulnerability in the OpenSearch software package due to missing spaces ...
ROS-20250403-11
Vulnerability in the OpenSearch software package related to calls that utilize an internal underlying Identity Provider (IdP) rather than other externally configured IdPs. Exploitation of the vulnerability could allow an attacker to impact data integrity...
CVE-2024-54160
dashboards-reporting aka Dashboards Reports before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer...
CVE-2025-21545
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2025-23671
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS. This issue affects WP OpenSearch: from n/a through = 1.0...